Implement Phase 0+1: project setup, config, database, migrations

- Go module, Makefile, .golangci.yaml, .gitignore, example config
- TOML config loading with validation
- SQLite database with WAL, foreign keys, busy timeout
- Schema migrations: users, webauthn_credentials, notebooks, pages,
  strokes, share_links with indexes and cascading deletes
- 4 tests: open+migrate, idempotent, foreign keys, cascade delete

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/config/config.go

@@ -0,0 +1,80 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/pelletier/go-toml/v2"
+)
+
+type Config struct {
+	Server   ServerConfig   `toml:"server"`
+	Web      WebConfig      `toml:"web"`
+	Database DatabaseConfig `toml:"database"`
+	Auth     AuthConfig     `toml:"auth"`
+	WebAuthn WebAuthnConfig `toml:"webauthn"`
+	Log      LogConfig      `toml:"log"`
+}
+
+type ServerConfig struct {
+	ListenAddr string `toml:"listen_addr"`
+	GRPCAddr   string `toml:"grpc_addr"`
+	TLSCert    string `toml:"tls_cert"`
+	TLSKey     string `toml:"tls_key"`
+}
+
+type WebConfig struct {
+	ListenAddr string `toml:"listen_addr"`
+	BaseURL    string `toml:"base_url"`
+}
+
+type DatabaseConfig struct {
+	Path string `toml:"path"`
+}
+
+type AuthConfig struct {
+	TokenTTL      string `toml:"token_ttl"`
+	Argon2Memory  uint32 `toml:"argon2_memory"`
+	Argon2Time    uint32 `toml:"argon2_time"`
+	Argon2Threads uint8  `toml:"argon2_threads"`
+}
+
+func (a AuthConfig) TokenDuration() (time.Duration, error) {
+	return time.ParseDuration(a.TokenTTL)
+}
+
+type WebAuthnConfig struct {
+	RPDisplayName string   `toml:"rp_display_name"`
+	RPID          string   `toml:"rp_id"`
+	RPOrigins     []string `toml:"rp_origins"`
+}
+
+type LogConfig struct {
+	Level string `toml:"level"`
+}
+
+func Load(path string) (*Config, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, fmt.Errorf("read config: %w", err)
+	}
+	var cfg Config
+	if err := toml.Unmarshal(data, &cfg); err != nil {
+		return nil, fmt.Errorf("parse config: %w", err)
+	}
+	if err := cfg.validate(); err != nil {
+		return nil, fmt.Errorf("config validation: %w", err)
+	}
+	return &cfg, nil
+}
+
+func (c *Config) validate() error {
+	if c.Database.Path == "" {
+		return fmt.Errorf("database.path is required")
+	}
+	if c.Server.TLSCert == "" || c.Server.TLSKey == "" {
+		return fmt.Errorf("server.tls_cert and server.tls_key are required")
+	}
+	return nil
+}

internal/db/db.go

@@ -0,0 +1,29 @@
+package db
+
+import (
+	"database/sql"
+	"fmt"
+
+	_ "modernc.org/sqlite"
+)
+
+func Open(path string) (*sql.DB, error) {
+	db, err := sql.Open("sqlite", path)
+	if err != nil {
+		return nil, fmt.Errorf("open database: %w", err)
+	}
+
+	pragmas := []string{
+		"PRAGMA journal_mode = WAL",
+		"PRAGMA foreign_keys = ON",
+		"PRAGMA busy_timeout = 5000",
+	}
+	for _, p := range pragmas {
+		if _, err := db.Exec(p); err != nil {
+			_ = db.Close()
+			return nil, fmt.Errorf("exec %q: %w", p, err)
+		}
+	}
+
+	return db, nil
+}

internal/db/db_test.go

@@ -0,0 +1,120 @@
+package db
+
+import (
+	"path/filepath"
+	"testing"
+)
+
+func TestOpenAndMigrate(t *testing.T) {
+	dir := t.TempDir()
+	database, err := Open(filepath.Join(dir, "test.db"))
+	if err != nil {
+		t.Fatalf("open: %v", err)
+	}
+	defer func() { _ = database.Close() }()
+
+	if err := Migrate(database); err != nil {
+		t.Fatalf("migrate: %v", err)
+	}
+
+	// Verify tables exist
+	tables := []string{"users", "notebooks", "pages", "strokes", "share_links", "webauthn_credentials", "schema_migrations"}
+	for _, table := range tables {
+		var name string
+		err := database.QueryRow("SELECT name FROM sqlite_master WHERE type='table' AND name=?", table).Scan(&name)
+		if err != nil {
+			t.Errorf("table %s not found: %v", table, err)
+		}
+	}
+}
+
+func TestMigrateIdempotent(t *testing.T) {
+	dir := t.TempDir()
+	database, err := Open(filepath.Join(dir, "test.db"))
+	if err != nil {
+		t.Fatalf("open: %v", err)
+	}
+	defer func() { _ = database.Close() }()
+
+	if err := Migrate(database); err != nil {
+		t.Fatalf("first migrate: %v", err)
+	}
+	if err := Migrate(database); err != nil {
+		t.Fatalf("second migrate: %v", err)
+	}
+}
+
+func TestForeignKeys(t *testing.T) {
+	dir := t.TempDir()
+	database, err := Open(filepath.Join(dir, "test.db"))
+	if err != nil {
+		t.Fatalf("open: %v", err)
+	}
+	defer func() { _ = database.Close() }()
+
+	if err := Migrate(database); err != nil {
+		t.Fatalf("migrate: %v", err)
+	}
+
+	// Inserting a notebook with non-existent user_id should fail
+	_, err = database.Exec("INSERT INTO notebooks (user_id, remote_id, title, page_size, synced_at) VALUES (999, 1, 'test', 'REGULAR', 0)")
+	if err == nil {
+		t.Fatal("expected foreign key error, got nil")
+	}
+}
+
+func TestCascadeDelete(t *testing.T) {
+	dir := t.TempDir()
+	database, err := Open(filepath.Join(dir, "test.db"))
+	if err != nil {
+		t.Fatalf("open: %v", err)
+	}
+	defer func() { _ = database.Close() }()
+
+	if err := Migrate(database); err != nil {
+		t.Fatalf("migrate: %v", err)
+	}
+
+	// Create user, notebook, page, stroke
+	res, err := database.Exec("INSERT INTO users (username, password_hash, created_at, updated_at) VALUES ('test', 'hash', 0, 0)")
+	if err != nil {
+		t.Fatalf("insert user: %v", err)
+	}
+	userID, _ := res.LastInsertId()
+
+	res, err = database.Exec("INSERT INTO notebooks (user_id, remote_id, title, page_size, synced_at) VALUES (?, 1, 'nb', 'REGULAR', 0)", userID)
+	if err != nil {
+		t.Fatalf("insert notebook: %v", err)
+	}
+	nbID, _ := res.LastInsertId()
+
+	res, err = database.Exec("INSERT INTO pages (notebook_id, remote_id, page_number) VALUES (?, 1, 1)", nbID)
+	if err != nil {
+		t.Fatalf("insert page: %v", err)
+	}
+	pageID, _ := res.LastInsertId()
+
+	_, err = database.Exec("INSERT INTO strokes (page_id, pen_size, color, point_data, stroke_order) VALUES (?, 1.0, 0, X'00', 1)", pageID)
+	if err != nil {
+		t.Fatalf("insert stroke: %v", err)
+	}
+
+	// Delete the user — everything should cascade
+	if _, err := database.Exec("DELETE FROM users WHERE id = ?", userID); err != nil {
+		t.Fatalf("delete user: %v", err)
+	}
+
+	var count int
+	_ = database.QueryRow("SELECT COUNT(*) FROM notebooks").Scan(&count)
+	if count != 0 {
+		t.Errorf("expected 0 notebooks, got %d", count)
+	}
+	_ = database.QueryRow("SELECT COUNT(*) FROM pages").Scan(&count)
+	if count != 0 {
+		t.Errorf("expected 0 pages, got %d", count)
+	}
+	_ = database.QueryRow("SELECT COUNT(*) FROM strokes").Scan(&count)
+	if count != 0 {
+		t.Errorf("expected 0 strokes, got %d", count)
+	}
+}

internal/db/migrations.go

@@ -0,0 +1,114 @@
+package db
+
+import (
+	"database/sql"
+	"fmt"
+)
+
+var migrations = []struct {
+	name string
+	sql  string
+}{
+	{
+		name: "001_initial_schema",
+		sql: `
+CREATE TABLE IF NOT EXISTS users (
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    username      TEXT NOT NULL UNIQUE,
+    password_hash TEXT NOT NULL,
+    created_at    INTEGER NOT NULL,
+    updated_at    INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS webauthn_credentials (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id         INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    credential_id   BLOB NOT NULL UNIQUE,
+    public_key      BLOB NOT NULL,
+    name            TEXT NOT NULL,
+    sign_count      INTEGER NOT NULL DEFAULT 0,
+    created_at      INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS notebooks (
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id       INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    remote_id     INTEGER NOT NULL,
+    title         TEXT NOT NULL,
+    page_size     TEXT NOT NULL,
+    synced_at     INTEGER NOT NULL,
+    UNIQUE(user_id, remote_id)
+);
+
+CREATE TABLE IF NOT EXISTS pages (
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    notebook_id   INTEGER NOT NULL REFERENCES notebooks(id) ON DELETE CASCADE,
+    remote_id     INTEGER NOT NULL,
+    page_number   INTEGER NOT NULL,
+    UNIQUE(notebook_id, remote_id)
+);
+
+CREATE TABLE IF NOT EXISTS strokes (
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    page_id       INTEGER NOT NULL REFERENCES pages(id) ON DELETE CASCADE,
+    pen_size      REAL NOT NULL,
+    color         INTEGER NOT NULL,
+    style         TEXT NOT NULL DEFAULT 'plain',
+    point_data    BLOB NOT NULL,
+    stroke_order  INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS share_links (
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    notebook_id   INTEGER NOT NULL REFERENCES notebooks(id) ON DELETE CASCADE,
+    token         TEXT NOT NULL UNIQUE,
+    expires_at    INTEGER,
+    created_at    INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS schema_migrations (
+    name       TEXT PRIMARY KEY,
+    applied_at INTEGER NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_notebooks_user ON notebooks(user_id);
+CREATE INDEX IF NOT EXISTS idx_pages_notebook ON pages(notebook_id);
+CREATE INDEX IF NOT EXISTS idx_strokes_page ON strokes(page_id);
+CREATE INDEX IF NOT EXISTS idx_share_links_token ON share_links(token);
+CREATE INDEX IF NOT EXISTS idx_webauthn_user ON webauthn_credentials(user_id);
+`,
+	},
+}
+
+func Migrate(database *sql.DB) error {
+	// Ensure schema_migrations table exists
+	_, err := database.Exec(`CREATE TABLE IF NOT EXISTS schema_migrations (
+		name TEXT PRIMARY KEY, applied_at INTEGER NOT NULL)`)
+	if err != nil {
+		return fmt.Errorf("create schema_migrations: %w", err)
+	}
+
+	for _, m := range migrations {
+		var count int
+		err := database.QueryRow("SELECT COUNT(*) FROM schema_migrations WHERE name = ?", m.name).Scan(&count)
+		if err != nil {
+			return fmt.Errorf("check migration %s: %w", m.name, err)
+		}
+		if count > 0 {
+			continue
+		}
+
+		if _, err := database.Exec(m.sql); err != nil {
+			return fmt.Errorf("apply migration %s: %w", m.name, err)
+		}
+
+		if _, err := database.Exec(
+			"INSERT INTO schema_migrations (name, applied_at) VALUES (?, strftime('%s','now'))",
+			m.name,
+		); err != nil {
+			return fmt.Errorf("record migration %s: %w", m.name, err)
+		}
+	}
+
+	return nil
+}